FTP File Name Extensions <fileExtensions>

Overview

The <fileExtensions> element contains a collection of <add> elements that specify unique file name extensions that IIS will either allow or deny, depending on how each <add> element is defined. By using the <fileExtensions> element, you can fine-tune the types of content that your server will make available to FTP clients.

For example, if you set the allowUnlisted attribute to false, all requests for files with extensions that are not contained in the list of allowed extensions will be denied. By using the <clear> element, you can clear the list of the file name extensions that have already been defined, then you can specify just the file name extensions that you want to allow.

Note: When request filtering blocks an FTP request because of a denied file name extension, FTP 7 will return an FTP error to the client and log the following unique substatus that identifies the reason that the request was denied:

In the Connections pane, go to the site or directory for which you want to modify your request filtering settings.

In the Home pane, double-click FTP Request Filtering.

In the FTP Request Filtering pane, click the File Name Extensions tab.

Click Deny File Name Extension... in the Actions pane.

In the Deny File Name Extension dialog box, enter the file name extension that you wish to block. For example, to prevent access to files with a file name extension of .inc, you would enter "inc" in the dialog box.

Click OK.

Configuration

The <fileExtensions> element of the <requestFiltering> element is configured at the global, site or URL level.

Attributes

Attribute

Description

allowUnlisted

Optional Boolean attribute.

Specifies whether the Web server should process files that have unlisted file name extensions. If you set this attribute to true, you must list all file name extensions that you want to deny. If you set this attribute to false, you must list all file name extensions that you want to allow.

Child Elements

Removes all references to file name extensions from the <fileExtensions> collection.

remove

Optional element.

Removes a reference to a file name extension from the <fileExtensions> collection.

Configuration Sample

The following sample illustrates several security-related configuration settings in the <system.ftpServer> element for an FTP site. More specifically, the <location> settings in this example demonstrate how to:

Specify an FTP authorization rule for read and write access for the administrators group.

Note: You must be sure to set the commit parameter to apphost when you use AppCmd.exe to configure these settings. This commits the configuration settings to the appropriate location section in the ApplicationHost.config file.